OSS uses JSON-formatted authorization policies for fine-grained access control. This topic is a quick reference for the syntax and elements of these policies.
Authorization syntax
OSS authorization policies use JSON with two core fields: Version and Statement.
Syntax structure
{
"Version": "1",
"Statement": [
{
"Effect": "Allow|Deny",
"Action": ["oss:ActionName"],
"Principal": ["UID|*"],
"Resource": ["acs:oss:*:*:bucket-name/*"],
"Condition": {
"ConditionOperator": {
"ConditionKey": ["Value"]
}
}
}
]
}
Field descriptions
|
Field |
Description |
Required |
|
Version |
The policy version. Fixed to |
Yes |
|
Statement |
The policy body. Contains one or more allow or deny rules. |
Yes |
Statement elements
|
Element |
Description |
Required |
|
Effect |
The policy effect. Valid values: |
Yes |
|
Action |
The operation on a resource. Supports the wildcard |
Yes |
|
Principal |
The entity the policy affects, such as a user, account, or role. An empty list |
Required for bucket policies |
|
Resource |
The resources the policy affects. Supports the wildcard |
Yes |
|
Condition |
The conditions under which the policy takes effect. Multiple conditions use an AND relationship: all conditions must be met. |
No |
Action
Actions are categorized into service-level, bucket-level, and object-level operations.
Service level
|
API |
Action |
API description |
|
oss:ListBuckets |
Lists all buckets that the requester owns. |
|
|
oss:ListUserDataRedundancyTransition |
Lists all storage redundancy transition tasks for the requester. |
|
|
None |
oss:ActivateProduct |
Activates OSS and the Content Moderation service. |
|
None |
oss:CreateOrder |
Creates orders for OSS resource plans. |
|
oss:PutPublicAccessBlock |
Enables Block Public Access for all of OSS. |
|
|
oss:GetPublicAccessBlock |
Gets the global Block Public Access configuration. |
|
|
oss:DeletePublicAccessBlock |
Deletes the global Block Public Access configuration. |
Bucket level
|
API |
Action |
API description |
|
oss:PutBucket |
Creates a bucket. |
|
|
oss:ListObjects |
Lists information about all objects in a bucket. |
|
|
oss:GetBucketInfo |
Views information about a bucket. |
|
|
oss:GetBucketLocation |
Views the location information of a bucket. |
|
|
oss:GetBucketStat |
Gets the storage capacity and number of files in a bucket. |
|
|
oss:PutBucketVersioning |
Sets the versioning state for a specified bucket. |
|
|
oss:GetBucketVersioning |
Gets the versioning state of a specified bucket. |
|
|
oss:ListObjectVersions |
Lists version information for all objects in a bucket, including delete markers. |
|
|
oss:PutBucketAcl |
Sets or modifies the ACL of a bucket. |
|
|
oss:GetBucketAcl |
Gets the ACL of a bucket. |
|
|
oss:DeleteBucket |
Deletes a bucket. |
|
|
oss:InitiateBucketWorm |
Creates a retention policy. |
|
|
oss:AbortBucketWorm |
Deletes an unlocked retention policy. |
|
|
oss:CompleteBucketWorm |
Locks a retention policy. |
|
|
oss:ExtendBucketWorm |
Extends the retention period in days for objects in a bucket that has a locked retention policy. |
|
|
oss:GetBucketWorm |
Gets information about a retention policy. |
|
|
oss:PutBucketLogging |
Enables log storage for a bucket. |
|
|
oss:PutObject |
When log storage is enabled for a source bucket, this action writes logs to the destination bucket. |
|
|
oss:GetBucketLogging |
Views the log storage configuration of a bucket. |
|
|
oss:DeleteBucketLogging |
Disables log storage for a bucket. |
|
|
oss:PutBucketWebsite |
Configures a bucket for static website hosting and sets its redirection rules (RoutingRule). |
|
|
oss:GetBucketWebsite |
Views the static website hosting status and redirection rules of a bucket. |
|
|
oss:DeleteBucketWebsite |
Disables static website hosting for a bucket and clears its redirection rules. |
|
|
oss:PutBucketReferer |
Configures hotlink protection for a bucket. |
|
|
oss:GetBucketReferer |
Views the hotlink protection (Referer) configuration of a bucket. |
|
|
oss:PutBucketLifecycle |
Sets a lifecycle rule for a bucket. |
|
|
oss:GetBucketLifecycle |
Views the lifecycle rule of a bucket. |
|
|
oss:DeleteBucketLifecycle |
Deletes the lifecycle rule of a bucket. |
|
|
oss:PutBucketTransferAcceleration |
Configures transfer acceleration for a bucket. |
|
|
oss:GetBucketTransferAcceleration |
Views the transfer acceleration configuration of a bucket. |
|
|
oss:ListMultipartUploads |
Lists all in-progress multipart upload events that have been initiated but not completed or aborted. |
|
|
oss:PutBucketCors |
Sets the cross-origin resource sharing (CORS) rules for a specified bucket. |
|
|
oss:GetBucketCors |
Gets the current CORS rules for a specified bucket. |
|
|
oss:DeleteBucketCors |
Disables the CORS feature for a specified bucket and clears all rules. |
|
|
oss:PutBucketPolicy |
Sets the authorization policy for a specified bucket. |
|
|
oss:GetBucketPolicy |
Gets the authorization policy of a specified bucket. |
|
|
oss:DeleteBucketPolicy |
Deletes the authorization policy of a specified bucket. |
|
|
oss:PutBucketTagging |
Adds or modifies the tags of a specified bucket. |
|
|
oss:GetBucketTagging |
Gets the tags of a bucket. |
|
|
oss:DeleteBucketTagging |
Deletes the tags of a bucket. |
|
|
oss:PutBucketEncryption |
Configures the encryption rules for a bucket. |
|
|
oss:GetBucketEncryption |
Gets the encryption rules of a bucket. |
|
|
oss:DeleteBucketEncryption |
Deletes the encryption rules of a bucket. |
|
|
oss:PutBucketRequestPayment |
Configures the pay-by-requester mode. |
|
|
oss:GetBucketRequestPayment |
Gets the pay-by-requester configuration. |
|
|
oss:PutBucketReplication |
Sets the data replication rules for a bucket. |
|
|
oss:ReplicateGet |
Sets cross-account data replication rules for a bucket or specifies a RAM role for replication. |
|
|
oss:PutBucketRTC |
Enables or disables replication time control (RTC) for an existing cross-region replication rule. |
|
|
oss:GetBucketReplication |
Gets the configured data replication rules for a bucket. |
|
|
oss:DeleteBucketReplication |
Stops data replication for a bucket and deletes its replication configuration. |
|
|
oss:GetBucketReplicationLocation |
Gets the regions where destination buckets for replication can be located. |
|
|
oss:GetBucketReplicationProgress |
Gets the data replication progress for a bucket. |
|
|
oss:PutBucketInventory |
Configures inventory rules for a bucket. |
|
|
oss:GetBucketInventory |
Views a specified inventory task in a bucket. |
|
|
oss:GetBucketInventory |
Gets all inventory tasks in a bucket in a batch operation. |
|
|
oss:DeleteBucketInventory |
Deletes a specified inventory task in a bucket. |
|
|
oss:PutBucketAccessMonitor |
Configures the access tracking status for a bucket. |
|
|
oss:GetBucketAccessMonitor |
Gets the access tracking status of a bucket. |
|
|
oss:OpenMetaQuery |
Enables the metadata management feature for a bucket. |
|
|
oss:GetMetaQueryStatus |
Gets the metadata index information for a bucket. |
|
|
oss:DoMetaQuery |
Queries objects that match specified conditions and lists information sorted by specified fields. |
|
|
oss:CloseMetaQuery |
Disables the metadata management feature for a bucket. |
|
|
oss:InitUserAntiDDosInfo |
Creates an Anti-DDoS for OSS instance. |
|
|
oss:UpdateUserAntiDDosInfo |
Changes the status of an Anti-DDoS for OSS instance. |
|
|
oss:GetUserAntiDDosInfo |
Queries for information about Anti-DDoS for OSS instances under a specified account. |
|
|
oss:InitBucketAntiDDosInfo |
Initializes protection for a bucket. |
|
|
oss:UpdateBucketAntiDDosInfo |
Updates the protection status of a bucket. |
|
|
oss:ListBucketAntiDDosInfo |
Gets a list of protection information for a bucket. |
|
|
oss:PutBucketResourceGroup |
Sets the resource group to which a bucket belongs. |
|
|
oss:GetBucketResourceGroup |
Queries the ID of the resource group to which a bucket belongs. |
|
|
oss:CreateCnameToken |
Creates a CnameToken required for domain name ownership verification. |
|
|
oss:GetCnameToken |
Gets a created CnameToken. |
|
|
oss:PutCname |
Attaches a custom domain name to a bucket. |
|
|
yundun-cert:DescribeSSLCertificatePrivateKey yundun-cert:DescribeSSLCertificatePublicKeyDetail yundun-cert:CreateSSLCertificate |
Attaches a certificate when you attach a custom domain name to a bucket. |
|
|
oss:ListCname |
Gets a list of all custom domain names (Cnames) attached to a bucket. |
|
|
oss:DeleteCname |
Deletes a Cname that is attached to a bucket. |
|
|
oss:PutStyle |
Sets an image style. |
|
|
oss:GetStyle |
Gets an image style. |
|
|
oss:ListStyle |
Lists image styles. |
|
|
oss:DeleteStyle |
Deletes an image style. |
|
|
oss:PutBucketArchiveDirectRead |
Enables or disables real-time access of Archive objects for a bucket. |
|
|
oss:GetBucketArchiveDirectRead |
Checks whether real-time access of Archive objects is enabled for a bucket. |
|
|
oss:CreateAccessPoint |
Creates an access point. |
|
|
oss:GetAccessPoint |
Gets information about a single access point. |
|
|
oss:DeleteAccessPoint |
Deletes an access point. |
|
|
oss:ListAccessPoints |
Gets information about user-level and bucket-level access points. |
|
|
oss:PutAccessPointPolicy |
Configures an access point policy. |
|
|
oss:GetAccessPointPolicy |
Gets information about an access point policy. |
|
|
oss:DeleteAccessPointPolicy |
Deletes an access point policy. |
|
|
oss:PutBucketHttpsConfig |
Enables or disables TLS version settings for a bucket. |
|
|
oss:GetBucketHttpsConfig |
Views the TLS version settings for a bucket. |
|
|
None |
oss:ReplicateList |
The list permission for replication. Lets OSS list and replicate historical data from the source bucket. |
|
oss:CreateAccessPointForObjectProcess |
Creates an object FC access point. |
|
|
oss:GetAccessPointForObjectProcess |
Gets basic information about an object FC access point. |
|
|
oss:DeleteAccessPointForObjectProcess |
Deletes an object FC access point. |
|
|
oss:ListAccessPointsForObjectProcess |
Gets information about user-level object FC access points. |
|
|
oss:PutAccessPointConfigForObjectProcess |
Modifies the configuration of an object FC access point. |
|
|
oss:GetAccessPointConfigForObjectProcess |
Gets the configuration information of an object FC access point. |
|
|
oss:PutAccessPointPolicyForObjectProcess |
Configures an access policy for an object FC access point. |
|
|
oss:GetAccessPointPolicyForObjectProcess |
Gets the access policy configuration of an object FC access point. |
|
|
oss:DeleteAccessPointPolicyForObjectProcess |
Deletes the access policy of an object FC access point. |
|
|
oss:WriteGetObjectResponse |
Customizes the returned data and response headers. |
|
|
oss:CreateBucketDataRedundancyTransition |
Creates a storage redundancy transition task. |
|
|
oss:GetBucketDataRedundancyTransition |
Gets a storage redundancy transition task. |
|
|
oss:DeleteBucketDataRedundancyTransition |
Deletes a storage redundancy transition task. |
|
|
oss:ListBucketDataRedundancyTransition |
Lists all storage redundancy transition tasks in a bucket. |
|
|
oss:PutBucketPublicAccessBlock |
Enables Block Public Access for a bucket. |
|
|
oss:GetBucketPublicAccessBlock |
Gets the Block Public Access configuration of a bucket. |
|
|
oss:DeleteBucketPublicAccessBlock |
Deletes the Block Public Access configuration of a bucket. |
|
|
oss:PutAccessPointPublicAccessBlock |
Enables Block Public Access for an access point. |
|
|
oss:GetAccessPointPublicAccessBlock |
Gets the Block Public Access configuration of an access point. |
|
|
oss:DeleteAccessPointPublicAccessBlock |
Deletes the Block Public Access configuration of an access point. |
|
|
oss:GetBucketPolicyStatus |
Checks whether the current bucket policy allows public access. |
|
|
oss:PutBucketOverwriteConfig |
Configures the disallow overwrite setting for a bucket. |
|
|
oss:GetBucketOverwriteConfig |
Gets the disallow overwrite configuration of a bucket. |
|
|
oss:DeleteBucketOverwriteConfig |
Deletes the disallow overwrite configuration of a bucket. |
Object level
|
API |
Action |
API description |
|
oss:PutObject |
Uploads an object. |
|
|
oss:PutObjectTagging |
When you upload an object, use x-oss-tagging to specify the object tag. |
|
|
kms:GenerateDataKey kms:Decrypt |
When you upload an object, specify that the object metadata contains X-Oss-Server-Side-Encryption: KMS. |
|
|
oss:PutObject |
Uploads an object to a specified bucket using an HTML form. |
|
|
oss:PutObject |
Uploads an object by appending data. |
|
|
oss:PutObjectTagging |
When you upload an object by appending data, use x-oss-tagging to specify the object tag. |
|
|
oss:PutObject |
Initializes a multipart upload task. |
|
|
oss:PutObjectTagging |
When you initialize a multipart upload task, use x-oss-tagging to specify the object tag. |
|
|
kms:GenerateDataKey kms:Decrypt |
When you initialize a multipart upload task, specify that the object metadata contains X-Oss-Server-Side-Encryption: KMS. |
|
|
oss:PutObject |
Uploads data in parts based on the specified object name and uploadId. |
|
|
oss:PutObject |
After all parts are uploaded, completes the multipart upload of the entire object. |
|
|
oss:PutObjectTagging |
After all parts are uploaded, completes the multipart upload of the entire object and specifies its tags. |
|
|
oss:AbortMultipartUpload |
Cancels a multipart upload event and deletes the corresponding part data. |
|
|
oss:PutObject |
Creates a symbolic link for a target object in OSS. |
|
|
oss:PutObjectTagging |
Creates a symbolic link with a specified object tag for a target object in OSS. |
|
|
oss:GetObject |
Gets an object. |
|
|
kms:Decrypt |
Downloads an object that is encrypted with a specified KMS key. |
|
|
oss:GetObjectVersion |
Downloads a specified version of an object. |
|
|
oss:GetObject |
Gets the metadata of an object. |
|
|
oss:GetObject |
Gets the metadata of an object, including its ETag, Size, and LastModified information. |
|
|
oss:GetObject |
Executes an SQL statement on a target object and returns the result. |
|
|
oss:GetObject |
Gets the symbolic link of a target object. |
|
|
oss:DeleteObject |
Deletes an object. |
|
|
oss:DeleteObjectVersion |
Deletes a specified version of an object. |
|
|
oss:DeleteObject |
Deletes multiple objects from the same bucket. |
|
|
oss:GetObject oss:PutObject |
Copies an object between buckets in the same region. The buckets can be the same or different. |
|
|
oss:GetObjectVersion |
Copies a specified version of an object between buckets in the same region. The buckets can be the same or different. |
|
|
oss:GetObjectTagging oss:PutObjectTagging |
Copies an object with specified tags between buckets in the same region. The buckets can be the same or different. |
|
|
kms:GenerateDataKey kms:Decrypt |
When you copy an object, specify that the metadata of the destination object contains X-Oss-Server-Side-Encryption: KMS. |
|
|
oss:GetObjectVersionTagging |
Copies a version of an object with specified tags between buckets in the same region. The buckets can be the same or different. |
|
|
oss:GetObject oss:PutObject |
Copies data from an existing object to upload a part by adding the x-oss-copy-source header to an UploadPart request. |
|
|
oss:GetObjectVersion |
Copies data from a specified version of an existing object to upload a part by adding the x-oss-copy-source header to an UploadPart request. |
|
|
oss:ListParts |
Lists all successfully uploaded parts that belong to a specified Upload ID. |
|
|
oss:PutObjectAcl |
Modifies the ACL of an object in a bucket. |
|
|
oss:PutObjectVersionAcl |
Modifies the ACL of a specified version of an object in a bucket. |
|
|
oss:GetObjectAcl |
Gets the ACL of an object in a bucket. |
|
|
oss:GetObjectVersionAcl |
Gets the ACL of a specified version of an object in a bucket. |
|
|
oss:RestoreObject |
Restores an object of the Archive Storage, Cold Archive, or Deep Cold Archive storage class. |
|
|
oss:RestoreObjectVersion |
Restores a specified version of an object of the Archive Storage, Cold Archive, or Deep Cold Archive storage class. |
|
|
oss:PutObjectTagging |
Sets or updates the tagging information of an object. |
|
|
oss:PutObjectVersionTagging |
Sets or updates the tagging information of a specified version of an object. |
|
|
oss:GetObjectTagging |
Gets the tagging information of an object. |
|
|
oss:GetObjectVersionTagging |
Gets the tagging information of a specified version of an object. |
|
|
oss:DeleteObjectTagging |
Deletes the tagging information of a specified object. |
|
|
oss:DeleteObjectVersionTagging |
Deletes the tagging information of a specified version of an object. |
|
|
oss:PutLiveChannel |
Before uploading audio and video data over RTMP, call this API to create a LiveChannel. |
|
|
oss:ListLiveChannel |
Lists specified LiveChannels. |
|
|
oss:DeleteLiveChannel |
Deletes a specified LiveChannel. |
|
|
oss:PutLiveChannelStatus |
Switches the status between enabled and disabled. |
|
|
oss:GetLiveChannel |
Gets the configuration information of a specified LiveChannel. |
|
|
oss:GetLiveChannelStat |
Gets the stream ingest status of a specified LiveChannel. |
|
|
oss:GetLiveChannelHistory |
Gets the stream ingest records of a specified LiveChannel. |
|
|
oss:PostVodPlaylist |
Generates a playlist for video-on-demand for a specified LiveChannel. |
|
|
oss:GetVodPlaylist |
Views the playlist generated from stream ingest for a specified LiveChannel within a specified time period. |
|
|
None |
oss:PublishRtmpStream |
Pushes audio and video data streams to RTMP. |
|
None |
oss:ProcessImm |
The permission to use IMM for data processing through OSS. |
|
oss:GetObject |
The permission to use IMM for data processing through a POST request. |
|
|
oss:PutObject |
The permission to use IMM for Saveas data processing. |
|
|
oss:PostProcessTask |
Saves the processed image to a specified bucket. |
|
|
imm:CreateOfficeConversionTask |
The permission to use IMM for document conversion or snapshots. |
|
|
imm: GenerateWebofficeToken |
Obtains a Weboffice token. |
|
|
imm:RefreshWebofficeToken |
Refreshes a Weboffice token. |
|
|
None |
oss:ReplicateGet |
The read permission for replication. Lets OSS read data and metadata from the source and destination buckets, including objects, parts, and multipart uploads. |
|
None |
oss:ReplicatePut |
The write permission for replication. Lets OSS write objects, multipart uploads, parts, and symbolic links, and modify metadata on the destination bucket. |
|
None |
oss:ReplicateDelete |
The delete permission for replication. Lets OSS perform DeleteObject, AbortMultipartUpload, and DeleteMarker operations on the destination bucket. Note
You must grant this action to the RAM role only when you select Sync All for data replication. |
Resource pool QoS
|
API |
Action |
API description |
|
oss:PutBucketQoSInfo |
Sets throttling for a bucket in a resource pool. |
|
|
oss:GetBucketQoSInfo |
Gets the throttling configuration for a bucket in a resource pool. |
|
|
oss:DeleteBucketQoSInfo |
Deletes the throttling configuration for a specified bucket in a resource pool. |
|
|
oss:PutBucketRequesterQoSInfo |
Sets bucket-level throttling for a requester. |
|
|
oss:GetBucketRequesterQoSInfo |
Gets the bucket-level throttling configuration for a specified requester. |
|
|
oss:ListBucketRequesterQoSInfo |
Gets the bucket-level throttling configurations for all requesters. |
|
|
oss:DeleteBucketRequesterQoSInfo |
Deletes the throttling configuration for a requester of a bucket. |
|
|
oss:ListResourcePools |
Gets information about all resource pools under the current account. |
|
|
oss:GetResourcePoolInfo |
Gets the throttling configuration of a specified resource pool. |
|
|
oss:ListResourcePoolBuckets |
Gets the list of buckets included in a specified resource pool. |
|
|
oss:PutResourcePoolRequesterQoSInfo |
Configures throttling for a requester of a resource pool. |
|
|
oss:GetResourcePoolRequesterQoSInfo |
Gets the throttling configuration for a specified requester in a resource pool. |
|
|
oss:ListResourcePoolRequesterQoSInfos |
Gets the throttling configurations for all requesters in a resource pool. |
|
|
oss:DeleteResourcePoolRequesterQoSInfo |
Deletes the throttling configuration for a specified requester in a resource pool. |
Vector bucket
|
API |
Action |
API description |
|
oss:PutVectorBucket |
Creates a vector bucket. |
|
|
oss:GetVectorBucket |
Gets the details of a vector bucket. |
|
|
oss:ListVectorBuckets |
Lists all vector buckets that the requester owns. |
|
|
oss:DeleteVectorBucket |
Deletes a vector bucket. |
|
|
oss:PutBucketLogging |
Enables log storage for a vector bucket. |
|
|
oss:PutObject |
When log storage is enabled for a source vector bucket, this action writes logs to the destination bucket. |
|
|
oss:GetBucketLogging |
Views the log storage configuration of a vector bucket. |
|
|
oss:DeleteBucketLogging |
Disables log storage for a vector bucket. |
|
|
oss:PutBucketPolicy |
Sets the authorization policy for a specified vector bucket. |
|
|
oss:GetBucketPolicy |
Gets the authorization policy of a specified vector bucket. |
|
|
oss:DeleteBucketPolicy |
Deletes the authorization policy of a specified vector bucket. |
|
|
oss:PutVectorIndex |
Creates a vector index. |
|
|
oss:GetVectorIndex |
Gets the details of a vector index. |
|
|
oss:ListVectorIndexes |
Lists all vector indexes in a vector bucket. |
|
|
oss:DeleteVectorIndex |
Deletes a vector index. |
|
|
oss:PutVectors |
Writes vector data. |
|
|
oss:GetVectors |
Gets specified vector data. |
|
|
oss:ListVectors |
Lists all vector data in a vector index. |
|
|
oss:QueryVectors |
Performs a vector similarity search. |
|
|
oss:DeleteVectors |
Deletes specified vector data from a vector index. |
Resource
The Resource element specifies one or more resources. Use the asterisk (*) as a wildcard. A single bucket policy can include multiple resources.
Bucket
|
Category |
Format |
Example |
|
Bucket level |
|
|
|
Object level |
|
|
|
Resource pool level |
|
|
Vector bucket
|
Resource level |
Format |
Example |
|
All vector resources |
|
|
|
Vector bucket |
|
|
|
Vector index |
|
|
|
Vector data |
|
|
The region field currently supports only the wildcard asterisk (*).
Condition
The Condition element specifies when a policy takes effect. It consists of a condition operator, a condition key, and a condition value.
Condition operators
|
Condition operator type |
Supported types |
|
String |
|
|
Number |
|
|
Date and time |
|
|
Boolean |
Bool |
|
IP Address Type |
|
Condition keys
|
Condition key |
Description |
|
acs:SourceIp |
Specifies a standard IP CIDR block. Supports the wildcard asterisk ( |
|
acs:SourceVpc |
Specifies the VPC. The value can be a specific VPC ID or Note
When using |
|
acs:UserAgent |
Specifies the HTTP User-Agent header. Type: string. |
|
acs:CurrentTime |
The time when the request reaches the OSS server. Format: ISO 8601. |
|
acs:SecureTransport |
The protocol type of the request. Valid values:
If |
|
oss:x-oss-acl |
Restricts the bucket ACL type. Valid values:
|
|
oss:x-oss-object-acl |
Restricts the object ACL type. Valid values:
|
|
oss:Prefix |
Lists objects with a specified prefix in a ListObjects request. |
|
oss:Delimiter |
Groups object names in a ListObjects request. |
|
acs:AccessId |
The AccessId included in the request. |
|
oss:BucketTag |
A bucket tag. A single BucketTag can be used as a Condition. When you set multiple BucketTags, you must add the |
|
acs:MFAPresent |
Specifies whether multi-factor authentication (MFA) is enabled. Values:
|
|
oss:ExistingObjectTag |
The requested object is already tagged. A single ObjectTag can be used as a condition. When you use multiple ObjectTags, you must add This applies mainly to APIs for reading files, such as |
|
oss:RequestObjectTag |
The object tags included in the request. A single object tag can be used as a condition. When multiple object tags are specified, you must add This mainly applies to API operations for writing files, such as |